Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/a97926-410c-466b-8bf4-ab16b69e6ad5/1/j1u8pKv6WDpKWHNfTG3-2e-THVg.roa
File:                     j1u8pKv6WDpKWHNfTG3-2e-THVg.roa (raw, json)
Hash identifier:          Sapi5S/yyBApSS6nscC5WFl9ZutpYyd6/x4pc+qXrS8=
Subject key identifier:   8F:5B:BC:A4:AB:FA:58:3A:4A:58:73:5F:4C:6D:FE:D9:EF:93:1D:58
Certificate issuer:       /CN=6b6e969fe8fb7b2a6b6e464426a4a703d37eb554
Certificate serial:       01933035C339137EF778804CEB0A4C0DAAFD
Authority key identifier: 6B:6E:96:9F:E8:FB:7B:2A:6B:6E:46:44:26:A4:A7:03:D3:7E:B5:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a26Wn-j7eyprbkZEJqSnA9N-tVQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/a97926-410c-466b-8bf4-ab16b69e6ad5/1/j1u8pKv6WDpKWHNfTG3-2e-THVg.roa
Signing time:             Fri 15 Nov 2024 14:24:09 +0000
ROA not before:           Fri 15 Nov 2024 14:24:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42831
IP address blocks:        185.54.84.0/22 maxlen: 22
                          2a04:d180::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/a97926-410c-466b-8bf4-ab16b69e6ad5/1/a26Wn-j7eyprbkZEJqSnA9N-tVQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/a97926-410c-466b-8bf4-ab16b69e6ad5/1/a26Wn-j7eyprbkZEJqSnA9N-tVQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/a26Wn-j7eyprbkZEJqSnA9N-tVQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:30:35:c3:39:13:7e:f7:78:80:4c:eb:0a:4c:0d:aa:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b6e969fe8fb7b2a6b6e464426a4a703d37eb554
        Validity
            Not Before: Nov 15 14:24:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8f5bbca4abfa583a4a58735f4c6dfed9ef931d58
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:0f:62:b0:66:e9:5c:a0:a6:da:1e:e2:4b:46:
                    10:95:b8:15:4e:cd:f3:d7:34:1d:44:fd:51:7f:17:
                    42:21:54:2c:fa:d3:76:60:6c:fb:05:66:72:16:b9:
                    c6:dd:fc:09:a9:82:82:3c:1d:4e:b0:6e:47:c4:a2:
                    d4:48:3d:72:f7:ce:c2:1e:c0:7a:14:33:f6:35:68:
                    e6:96:b9:ba:1c:05:32:7b:51:d2:f2:33:6e:a4:d7:
                    41:95:d9:09:21:f8:5f:06:14:1d:69:88:65:0b:d0:
                    b0:33:b9:df:9e:7c:48:ed:35:42:ad:ee:5d:83:4a:
                    40:29:86:c7:bf:e9:d3:9c:ed:2e:c4:6f:2c:60:d5:
                    50:84:85:8b:3c:82:a1:bf:a4:48:85:a7:bb:a2:ef:
                    52:7e:2e:7c:dc:26:09:bd:ba:0b:c4:aa:fa:dd:16:
                    b6:1b:67:de:71:58:35:b5:e9:77:5e:c3:ad:67:8f:
                    37:29:a7:c4:a0:fc:99:bb:d5:d4:03:2e:4f:7f:9f:
                    c3:00:f1:0e:2f:8b:21:fd:17:42:d4:8e:d1:ce:4c:
                    e9:16:8d:d5:c7:cb:6c:4a:05:48:f7:fd:bf:27:02:
                    7e:3c:71:97:53:08:b5:8f:b4:2e:f6:fa:10:fd:b2:
                    05:44:48:11:3a:2c:ae:45:93:2d:19:97:35:c6:c0:
                    4a:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:5B:BC:A4:AB:FA:58:3A:4A:58:73:5F:4C:6D:FE:D9:EF:93:1D:58
            X509v3 Authority Key Identifier:
                keyid:6B:6E:96:9F:E8:FB:7B:2A:6B:6E:46:44:26:A4:A7:03:D3:7E:B5:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a26Wn-j7eyprbkZEJqSnA9N-tVQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/a97926-410c-466b-8bf4-ab16b69e6ad5/1/j1u8pKv6WDpKWHNfTG3-2e-THVg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/a97926-410c-466b-8bf4-ab16b69e6ad5/1/a26Wn-j7eyprbkZEJqSnA9N-tVQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.54.84.0/22
                IPv6:
                  2a04:d180::/29

    Signature Algorithm: sha256WithRSAEncryption
         98:f4:99:cd:ed:64:96:77:8e:05:b8:02:4e:09:38:33:24:e8:
         e8:a2:07:ac:46:7f:b7:37:73:30:05:8f:db:34:bb:5c:b3:66:
         ea:4b:49:37:5c:ac:a6:20:1c:b1:e6:0c:38:f1:03:21:6f:83:
         90:e1:ff:81:5b:30:c5:88:80:8e:63:20:12:7d:aa:ee:60:ed:
         8a:81:7a:71:70:bd:17:c4:2b:8c:5a:25:da:3a:b9:9e:08:b6:
         23:84:5c:4f:3c:f2:68:23:de:9a:92:13:e6:c9:24:41:b2:81:
         0a:16:cc:14:7e:e8:76:6e:d2:47:df:08:86:07:5f:49:45:13:
         d3:87:de:97:04:37:66:59:f7:8f:6f:8b:58:30:4b:22:a9:74:
         c0:11:a7:3d:dd:f4:ad:5d:85:11:84:be:d0:d9:47:3e:7c:9f:
         18:46:7b:e9:91:15:69:20:c2:bb:b4:e4:d4:d1:c6:36:5c:e2:
         4f:86:b1:4e:31:a2:5e:b8:6a:fb:e5:53:30:a2:fe:19:d5:4a:
         8c:74:ad:fa:ce:23:ab:4e:61:e8:6c:e9:d0:3d:fd:49:0d:c9:
         ec:7d:d6:a5:9a:67:e0:cb:d6:85:b9:6d:93:a3:cf:82:74:97:
         23:39:cf:ab:88:35:a4:7b:d3:33:cb:8a:39:54:86:36:75:41:
         be:04:09:e6
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZMwNcM5E373eIBM6wpMDar9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiNmU5NjlmZThmYjdiMmE2YjZlNDY0NDI2YTRhNzAzZDM3
ZWI1NTQwHhcNMjQxMTE1MTQyNDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjViYmNhNGFiZmE1ODNhNGE1ODczNWY0YzZkZmVkOWVmOTMxZDU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0A9isGbpXKCm2h7iS0YQlbgVTs3z
1zQdRP1RfxdCIVQs+tN2YGz7BWZyFrnG3fwJqYKCPB1OsG5HxKLUSD1y987CHsB6
FDP2NWjmlrm6HAUye1HS8jNupNdBldkJIfhfBhQdaYhlC9CwM7nfnnxI7TVCre5d
g0pAKYbHv+nTnO0uxG8sYNVQhIWLPIKhv6RIhae7ou9Sfi583CYJvboLxKr63Ra2
G2fecVg1tel3XsOtZ483KafEoPyZu9XUAy5Pf5/DAPEOL4sh/RdC1I7RzkzpFo3V
x8tsSgVI9/2/JwJ+PHGXUwi1j7Qu9voQ/bIFREgROiyuRZMtGZc1xsBKAwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFI9bvKSr+lg6SlhzX0xt/tnvkx1YMB8GA1UdIwQY
MBaAFGtulp/o+3sqa25GRCakpwPTfrVUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTI2V24tajdleXByYmtaRUpxU25BOU4tdFZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi9hOTc5MjYtNDEwYy00NjZiLThiZjQt
YWIxNmI2OWU2YWQ1LzEvajF1OHBLdjZXRHBLV0hOZlRHMy0yZS1USFZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi9hOTc5MjYtNDEwYy00NjZiLThiZjQtYWIxNmI2OWU2YWQ1
LzEvYTI2V24tajdleXByYmtaRUpxU25BOU4tdFZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuTZUMA0E
AgACMAcDBQMqBNGAMA0GCSqGSIb3DQEBCwUAA4IBAQCY9JnN7WSWd44FuAJOCTgz
JOjoogesRn+3N3MwBY/bNLtcs2bqS0k3XKymIByx5gw48QMhb4OQ4f+BWzDFiICO
YyASfaruYO2KgXpxcL0XxCuMWiXaOrmeCLYjhFxPPPJoI96akhPmySRBsoEKFswU
fuh2btJH3wiGB19JRRPTh96XBDdmWfePb4tYMEsiqXTAEac93fStXYURhL7Q2Uc+
fJ8YRnvpkRVpIMK7tOTU0cY2XOJPhrFOMaJeuGr75VMwov4Z1UqMdK36ziOrTmHo
bOnQPf1JDcnsfdalmmfgy9aFuW2To8+CdJcjOc+riDWke9Mzy4o5VIY2dUG+BAnm
-----END CERTIFICATE-----